|
@@ -4247,10 +4247,11 @@ class Archiver:
|
|
|
|
|
|
|
|
1. Ask you to come up with a passphrase.
|
|
1. Ask you to come up with a passphrase.
|
|
|
2. Create a borg key (which contains some random secrets. See :ref:`key_files`).
|
|
2. Create a borg key (which contains some random secrets. See :ref:`key_files`).
|
|
|
- 3. Encrypt the key with your passphrase.
|
|
|
|
|
- 4. Store the encrypted borg key inside the repository directory (in the repo config).
|
|
|
|
|
|
|
+ 3. Derive a "key encryption key" from your passphrase
|
|
|
|
|
+ 4. Encrypt and sign the key with the key encryption key
|
|
|
|
|
+ 5. Store the encrypted borg key inside the repository directory (in the repo config).
|
|
|
This is why it is essential to use a secure passphrase.
|
|
This is why it is essential to use a secure passphrase.
|
|
|
- 5. Encrypt and sign your backups to prevent anyone from reading or forging them unless they
|
|
|
|
|
|
|
+ 6. Encrypt and sign your backups to prevent anyone from reading or forging them unless they
|
|
|
have the key and know the passphrase. Make sure to keep a backup of
|
|
have the key and know the passphrase. Make sure to keep a backup of
|
|
|
your key **outside** the repository - do not lock yourself out by
|
|
your key **outside** the repository - do not lock yourself out by
|
|
|
"leaving your keys inside your car" (see :ref:`borg_key_export`).
|
|
"leaving your keys inside your car" (see :ref:`borg_key_export`).
|
|
@@ -4258,7 +4259,7 @@ class Archiver:
|
|
|
never sees your passphrase, your unencrypted key or your unencrypted files.
|
|
never sees your passphrase, your unencrypted key or your unencrypted files.
|
|
|
Chunking and id generation are also based on your key to improve
|
|
Chunking and id generation are also based on your key to improve
|
|
|
your privacy.
|
|
your privacy.
|
|
|
- 6. Use the key when extracting files to decrypt them and to verify that the contents of
|
|
|
|
|
|
|
+ 7. Use the key when extracting files to decrypt them and to verify that the contents of
|
|
|
the backups have not been accidentally or maliciously altered.
|
|
the backups have not been accidentally or maliciously altered.
|
|
|
|
|
|
|
|
Picking a passphrase
|
|
Picking a passphrase
|
|
@@ -4329,6 +4330,25 @@ class Archiver:
|
|
|
|
|
|
|
|
If you do **not** want to encrypt the contents of your backups, but still want to detect
|
|
If you do **not** want to encrypt the contents of your backups, but still want to detect
|
|
|
malicious tampering use an `authenticated` mode. It's like `repokey` minus encryption.
|
|
malicious tampering use an `authenticated` mode. It's like `repokey` minus encryption.
|
|
|
|
|
+
|
|
|
|
|
+ Key derivation functions
|
|
|
|
|
+ ++++++++++++++++++++++++
|
|
|
|
|
+
|
|
|
|
|
+ - ``--key-algorithm argon2`` is the default and is recommended.
|
|
|
|
|
+ The key encryption key is derived from your passphrase via argon2-id.
|
|
|
|
|
+ Argon2 is considered more modern and secure than pbkdf2.
|
|
|
|
|
+
|
|
|
|
|
+ - You can use ``--key-algorithm pbkdf2`` if you want to access your repo via old versions of borg.
|
|
|
|
|
+
|
|
|
|
|
+ Our implementation of argon2-based key algorithm follows the cryptographic best practices:
|
|
|
|
|
+
|
|
|
|
|
+ - It derives two separate keys from your passphrase: one to encrypt your key and another one
|
|
|
|
|
+ to sign it. ``--key-algorithm pbkdf2`` uses the same key for both.
|
|
|
|
|
+
|
|
|
|
|
+ - It uses encrypt-then-mac instead of encrypt-and-mac used by ``--key-algorithm pbkdf2``
|
|
|
|
|
+
|
|
|
|
|
+ Neither is inherently linked to the key derivation function, but since we were going
|
|
|
|
|
+ to break backwards compatibility anyway we took the opportunity to fix all 3 issues at once.
|
|
|
""")
|
|
""")
|
|
|
subparser = subparsers.add_parser('init', parents=[common_parser], add_help=False,
|
|
subparser = subparsers.add_parser('init', parents=[common_parser], add_help=False,
|
|
|
description=self.do_init.__doc__, epilog=init_epilog,
|
|
description=self.do_init.__doc__, epilog=init_epilog,
|
|
@@ -4351,7 +4371,8 @@ class Archiver:
|
|
|
help='Set storage quota of the new repository (e.g. 5G, 1.5T). Default: no quota.')
|
|
help='Set storage quota of the new repository (e.g. 5G, 1.5T). Default: no quota.')
|
|
|
subparser.add_argument('--make-parent-dirs', dest='make_parent_dirs', action='store_true',
|
|
subparser.add_argument('--make-parent-dirs', dest='make_parent_dirs', action='store_true',
|
|
|
help='create the parent directories of the repository directory, if they are missing.')
|
|
help='create the parent directories of the repository directory, if they are missing.')
|
|
|
- subparser.add_argument('--key-algorithm', dest='key_algorithm', default='argon2', choices=list(KEY_ALGORITHMS))
|
|
|
|
|
|
|
+ subparser.add_argument('--key-algorithm', dest='key_algorithm', default='argon2', choices=list(KEY_ALGORITHMS),
|
|
|
|
|
+ help='the algorithm we use to derive a key encryption key from your passphrase. Default: argon2')
|
|
|
|
|
|
|
|
# borg key
|
|
# borg key
|
|
|
subparser = subparsers.add_parser('key', parents=[mid_common_parser], add_help=False,
|
|
subparser = subparsers.add_parser('key', parents=[mid_common_parser], add_help=False,
|
|
@@ -4485,15 +4506,33 @@ class Archiver:
|
|
|
change_algorithm_epilog = process_epilog("""
|
|
change_algorithm_epilog = process_epilog("""
|
|
|
Change the algorithm we use to encrypt and authenticate the borg key.
|
|
Change the algorithm we use to encrypt and authenticate the borg key.
|
|
|
|
|
|
|
|
|
|
+ Important: In a `repokey` mode (e.g. repokey-blake2) all users share the same key.
|
|
|
|
|
+ In this mode upgrading to `argon2` will make it impossible to access the repo for users who use an old version of borg.
|
|
|
|
|
+ We recommend upgrading to the latest stable version.
|
|
|
|
|
+
|
|
|
|
|
+ Important: In a `keyfile` mode (e.g. keyfile-blake2) each user has their own key (in ``~/.config/borg/keys``).
|
|
|
|
|
+ In this mode this command will only change the key used by the current user.
|
|
|
|
|
+ If you want to upgrade to `argon2` to strengthen security, you will have to upgrade each user's key individually.
|
|
|
|
|
+
|
|
|
Your repository is encrypted and authenticated with a key that is randomly generated by ``borg init``.
|
|
Your repository is encrypted and authenticated with a key that is randomly generated by ``borg init``.
|
|
|
The key is encrypted and authenticated with your passphrase.
|
|
The key is encrypted and authenticated with your passphrase.
|
|
|
|
|
|
|
|
We currently support two choices:
|
|
We currently support two choices:
|
|
|
|
|
+
|
|
|
1. argon2 - recommended. This algorithm is used by default when initialising a new repository.
|
|
1. argon2 - recommended. This algorithm is used by default when initialising a new repository.
|
|
|
The key encryption key is derived from your passphrase via argon2-id.
|
|
The key encryption key is derived from your passphrase via argon2-id.
|
|
|
Argon2 is considered more modern and secure than pbkdf2.
|
|
Argon2 is considered more modern and secure than pbkdf2.
|
|
|
- 1. pbkdf2 - the legacy algorithm. Use this if you want to access your repo via old versions of borg.
|
|
|
|
|
|
|
+ 2. pbkdf2 - the legacy algorithm. Use this if you want to access your repo via old versions of borg.
|
|
|
The key encryption key is derived from your passphrase via PBKDF2-HMAC-SHA256.
|
|
The key encryption key is derived from your passphrase via PBKDF2-HMAC-SHA256.
|
|
|
|
|
+
|
|
|
|
|
+ Examples::
|
|
|
|
|
+
|
|
|
|
|
+ # Upgrade an existing key to argon2
|
|
|
|
|
+ borg key change-algorithm /path/to/repo argon2
|
|
|
|
|
+ # Downgrade to pbkdf2 - use this if upgrading borg is not an option
|
|
|
|
|
+ borg key change-algorithm /path/to/repo pbkdf2
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
""")
|
|
""")
|
|
|
subparser = key_parsers.add_parser('change-algorithm', parents=[common_parser], add_help=False,
|
|
subparser = key_parsers.add_parser('change-algorithm', parents=[common_parser], add_help=False,
|
|
|
description=self.do_change_algorithm.__doc__,
|
|
description=self.do_change_algorithm.__doc__,
|
Andrey Andreyevich Bienkowski